File System Vulnerability For Magento

By Tarun Dua
8th, July 2015

FILE SYSTEM VULNERABILITY has been discovered in Magento that enables an attacker to execute arbitrary code on your magento server. Just create a file with .CSV extension, create writable directories, and change the permission of existing files to world writable(777). The issue affects all shipping versions of Magento Community Edition (CE) and Enterprise Edition (EE). Operating system Versions affected are:

CentOS 5.x and 6.x.
RedHat Enterprise Linux 5.x and 6.x.

DETERMINING YOUR VULNERABILITY TO THE FILE SYSTEM ATTACK: To confirm you are Vulnerable create a file named test.php.csv anywhere in your web server’s docroot with the following contents:

?php phpinfo()

Display that page in a web browser. (For example, http://www.example.com/path/test.php.csv If your browser saves the file or prompts you to save the file instead of displaying it, your server is not vulnerable.]]>

India's Largest NSE Listed Cloud Provider

How to Prevent Cloud Configuration Security Vulnerabilities

Magento on E2E Cloud: A Winning Combination

How Artificial Intelligence Will Transform Real Estate

File System Vulnerability For Magento